New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Configuration as Code plugin breaks hashicorp vault plugin #922
Comments
if you use hashicorp vault plugin and JCasC, which use the same version of We had no issue using it in our Jenkins instance. What secret engine are you using, v1 or v2? Pretty sure this is not an issue with JCasC. |
I downgraded JCasC to version 1.16 and it seems to work fine with that. I didn't set engineVersion as I never had to do that. We are using secret engine v1. |
For JCasC you have to set This is noted in the readme: https://github.com/jenkinsci/configuration-as-code-plugin#vault |
Also, there are no code changes between 1.16 to 1.20 regarding Vault so 😕 |
What confused me is that i took a jenkins container, installed hashicorp vault pipeline plugin, tested, worked fine. Then i installed JCasC and it stopped working without doing any configuration... |
@alexandruivan can you show me a snippet of your pipeline? |
Its likely a classpath clash, hashicorp vault pipeline plugin uses hashicorp-vault-plugin which uses 4.0 on master but they haven't released in 10 months... I'm assuming installing configuration-as-code means the newer version of the library is picked up and not the older one? Its fixed on master of the hashicorp-vault-plugin but not released for some reason... |
oh... I guess I was confused I thought hashcorp vault pipeline plugin is the same as hashicorp-vault-plugin |
I have this exact issue and it is causing me at least 2 days. Granted most of the issue is caused by the hashicorp-vault-plugin guys are holding on the fix and have not release an update in 10 month. What was troubling for me is that JCasC is using vault-driver 4.0 which defaults kv2, HVP(hashicorp-vault-plugin) is using 3.1 which defaults kv1 but HVP is somehow switched to using vault-driver 4.0 when both plugins are installed even tho HVP plugin folder have the vault-driver 3.1.0.jar I have tried putting CASC_VAULT_ENGINE_VERSION=1 but the problem is not CASC but HVP. |
Jenkins does not isolate classloading between plugins. So there is a binary
conflict. It might be possible to add shading of the library in JCasC to
prevent the issue. Updating the library dependency in Hashicorp Vault is
also a temporary solution
…On Tue, Jul 30, 2019, 01:34 syck40 ***@***.***> wrote:
I have this exact issue and it is causing me at least 2 days. Granted most
of the issue is caused by the hashicorp-vault-plugin guys are holding on
the fix and have not release an update in 10 month.
What was troubling for me is that JCasC is using vault-driver 4.0 which
defaults kv2, HVP(hashicorp-vault-plugin) is using 3.1 which defaults kv1
but HVP is somehow switched to using vault-driver 4.0 when both plugins are
installed even tho HVP plugin folder have the vault-driver 3.1.0.jar
I have tried putting CASC_VAULT_ENGINE_VERSION=1 but the problem is not
CASC but HVP.
Is there an easy way for me to disable CASC? I have to currently touch
$JENKINSHOME/plugins/casc.disable to kill it and HVP is able to go back
using vault-driver 3.1.0 and everything would work.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#922?email_source=notifications&email_token=AAW4RIDLNVABXUDSGD4BN7TQB55APA5CNFSM4HXIBXIKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD3CJWLQ#issuecomment-516201262>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AAW4RIBFUQZDXZYFGB336CTQB55APANCNFSM4HXIBXIA>
.
|
The quickest fix would be to get a release of hashicorp-vault-plugin done |
Asked about the release in jenkinsci/hashicorp-vault-plugin#23 |
Or deploy your own version of that plugin in the meantime |
Resolved now in newest hashicorp-vault-plugin |
Jenkins version: 2.164.3
Plugin version: 1.20
OS: alpine-LTS
Description
Just with hashicorp-vault-pipeline-plugin, it can get a secret from vault fine. When you install configuration as code plugin and restart jenkins, secrets are not found anymore, as you get 404 not found.
Tested with hashicorp vault plugin version 1.2 and hashicorp vault plugin 2.2.0.
The text was updated successfully, but these errors were encountered: